Posted by Michael Fesser on 12/05/06 18:55
..oO(mantrid)
>The function I have uses eregi()
eregi() should be avoided. The preg_* functions are faster and much more
flexible. Additionally, in PHP 6 the ereg extension will be removed from
the core and moved to PECL, so it might not be available by default.
>to check POST data for "cc:" and "subject:"
>what other checks should I be using in my function to tighten my security
>further?
I wouldn't check for any particular header field at all, but for all
kinds of line breaks, which are required to inject malicious headers.
Micha
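One way to implement the check the reply recommends, as an added example that is not code from the original thread: instead of matching "cc:" or "subject:", refuse any value that will end up in a mail header if it contains a line break, since a CR or LF is what an attacker needs to start a new header line. The form field names (name, email, subject, message) and the mail() call are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Field names are assumed.

// A header can only be injected by starting a new line, so a CR or LF
// anywhere in a header-bound value is reason enough to reject it. A NUL
// byte is rejected too rather than relying on preg_match() to cope with it.
function is_single_line(string $value): bool
{
    if (strpos($value, "\0") !== false) {
        return false;
    }
    // preg_match() returns 1 on match, 0 on no match, false on error;
    // only an explicit 0 counts as "clean".
    return preg_match("/[\r\n]/", $value) === 0;
}

// Only the fields that are placed in headers must be single-line. The
// message body may legitimately contain newlines because it is passed as
// mail()'s message argument and never concatenated into the headers.
function validate_contact_form(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        if (!is_single_line($post[$field] ?? '')) {
            $errors[] = "$field contains a line break";
        }
    }
    // The From: address must additionally be one syntactically valid
    // address, not a comma-separated list of recipients.
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

function send_contact_mail(array $post, string $to): bool
{
    $errors = validate_contact_form($post);
    if ($errors !== []) {
        // Refuse and log; do not try to "clean" the input and send anyway.
        error_log('mail form rejected: ' . implode('; ', $errors));
        return false;
    }
    $headers = 'From: ' . $post['email'] . "\r\n"
             . 'Reply-To: ' . $post['email'] . "\r\n"
             . 'X-Mailer: PHP/' . PHP_VERSION;
    return mail($to, $post['subject'], $post['message'], $headers);
}

// Constructed sample input: an injection attempt that smuggles a Bcc:
// header through the email field via an embedded LF. The newline in the
// body is fine because the body never reaches the headers.
$attack = [
    'name'    => 'Alice',
    'email'   => "alice@example.com\nBcc: victim1@example.net,victim2@example.net",
    'subject' => 'Hello',
    'message' => "Line one\nLine two is fine in the body",
];
var_dump(validate_contact_form($attack));
```

The check is deliberately a rejection rather than a cleanup: stripping the line breaks and sending anyway would still let the attacker's text reach the header value, and quietly "fixing" hostile input hides the attempt from the logs.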